Samsung Washing Machine App Requires Access to Your Contacts and Location

Roben Walker
samsung-washer

Image: David Paul Morris/Bloomberg via Getty Images

Screen Shot 2021-02-24 at 3

Hacking. Disinformation. Surveillance. CYBER is Motherboard’s podcast and reporting on the dark underbelly of the internet.

A series of Samsung apps that allow customers to control their internet-connected appliances require access to all the phone’s contacts and, in some cases, the phone call app, phone’s location, and camera. Customers have been furious about this for years. 

On Wednesday, a Reddit user complained that their washing machine app, the Samsung Smart Washer, wouldn’t work “unless I give it access to my contacts, location and camera.” 

This is a common complaint. 

“When I launch the app, the damned thing wants all sort of permissions: location, phone calls, media, and … contacts??? The app won’t work without these permissions,” another Reddit user grumbled last year, referring to another Samsung app—called Smart Home—that requires the same seemingly exaggerated permissions. “Why would the Samsung Smart Home app need access to my contacts?” 

app-screenshot.jpeg

A screenshot of the Samsung Smart Washer app. (Image: Reddit)

The reviews for these two apps, both of which have more than a million installs according to their stats on the Google Play store, aren’t very positive either. The Smart Washer App has an average of 2.1 stars, thanks to a slew of reviews that mention the unnecessary permissions. 

“This app is pointless. It asks for bogus permissions to phone, camera, contacts, location, etc. (pretty much everything needed to monitor your life), then closes when you deny permission to even one of them. What’s the point of an app that just closes when I don’t let it spy on me?” one user wrote.

In their recent reviews, other users’ call the permissions “absurd,” “unacceptable,” “pesky,” and “awful.” One user even called it “spyware.” Reviews for the Smart Home app—with 2.7 stars on the Google Play store—also include similar complaints about the permissions. 

These situations speak to two issues: Apps that demand permissions that they don’t need, and “smart” and internet of things devices that make formerly simple tasks very complicated, and open up potential privacy and security concerns.

Generally speaking, over the last few years, people have become more sensitive to what they’re giving up in privacy and potentially security when they deal with big tech companies. Smart TVs (Samsung included), for example, have been caught listening to users and automatically deliver ads. Tech companies have had to adapt and do better. For example, both Apple and Google allow users to see what data an app has access to, and in some cases users can toggle the permissions individually. The upcoming new version of Android will even have a dedicated “Privacy Dashboard” where users can see which apps used what permissions, and revoke them if they want. Apple’s iOS has similar functionality. But none of this stops app developers from asking users to accept unnecessary permissions.   

It’s unclear why apps that are designed to let you set the type of washing cycle you want, or see how long it’s gonna take for the dryer to be done, would need access to your phone’s contacts. In an FAQ for another Samsung app, the company says it needs access to contacts “to check if you already have a Samsung account set up in your device. Knowing this information helps mySamsung to make the sign-in process seamless.”

Samsung did not respond to a request for comment. 

While there are a lot of people who use these apps, judging from the recent reviews, the Smart Washer and Smart Home apps have not received an update since October 7, 2020, suggesting Samsung does not support them anymore. On its US site, Samsung advertises a smart washing machine with a newer app called SmartThings App, which has less invasive permission requirements compared to the older apps. 

The SmartThings app, according to its Google Play store page, doesn’t list any required permissions, indicating that “you can use the app without optional permissions, but some functions may be limited.” The optional permissions include access to: 

• Location: Used to find nearby devices using Bluetooth or BLE and to automate actions using GPS (GPS is optional)

• Camera: Used to scan QR codes

• Contacts: Used to get phone numbers of your contacts to send text message notifications

• Microphone: Used to provide voice control features

• Storage: Used to save data and to transfer files and content using the app

• Phone: Used to make calls on smart speakers and to show information about the sender when sharing content with another device

If you have a Samsung internet-connected appliance, and are uncomfortable letting its app see all your friend’s phone number, try using the newer app, or maybe just use the washer the good old fashioned way—without a phone.

Subscribe to our cybersecurity podcast, CYBER.

Next Post

How to choose the best server OS for your website

there are many Web hosting Factors to consider before building a website, such as price, bandwidth, storage, and software compatibility. However, one of the most important decisions to make is whether to use Linux or Windows Server as the server operating system. For most people, Linux is a common server […]